* Mon Dec 30 2024 Jean-Philippe Pialasse <jpp@koozali.org> 2.8.0-42.sme
- add CSP support [SME: 9566]
This commit is contained in:
parent
c4ed6b178d
commit
7c7e1e6389
@ -4,7 +4,7 @@ Summary: e-smith manager navigation module
|
|||||||
%define name e-smith-manager
|
%define name e-smith-manager
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
%define version 2.8.0
|
%define version 2.8.0
|
||||||
%define release 41
|
%define release 42
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: %{release}%{?dist}
|
Release: %{release}%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
@ -24,6 +24,9 @@ Provides: server-manager
|
|||||||
AutoReqProv: no
|
AutoReqProv: no
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 30 2024 Jean-Philippe Pialasse <jpp@koozali.org> 2.8.0-42.sme
|
||||||
|
- add CSP support [SME: 9566]
|
||||||
|
|
||||||
* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 2.8.0-41.sme
|
* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 2.8.0-41.sme
|
||||||
- fix systemd service file [SME: 12556]
|
- fix systemd service file [SME: 12556]
|
||||||
|
|
||||||
|
|||||||
@ -31,6 +31,14 @@
|
|||||||
} else {
|
} else {
|
||||||
$OUT .= " Require ip $localAccess\n";
|
$OUT .= " Require ip $localAccess\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# any server-manager script or style added in line should be hashed and added here to run in a modern browser
|
||||||
|
$OUT .= " Header set Content-Security-Policy \"script-src 'self' https://$virtualHost 'unsafe-hashes' "
|
||||||
|
." 'sha256-bu1Wbll/1+gfjCxVn9czXKc7IhIJRjJgNFdNltH+09c=' 'sha256-MQmv1rIdRtr7sC3167eTWkTNMSq5QzWRPxhOzKUtvKg=' 'sha256-DuDis7gGgnegJBjroiLOJwY+DvfilQsYswIXb6lNE8c=' 'sha256-FengF4xZO+fXC/zBgGGYYPLtc95CEZAk+vS7A9OR64o=' ;"
|
||||||
|
." style-src 'self' https://$virtualHost 'unsafe-hashes' "
|
||||||
|
." 'sha256-ABT3Vs4q5dwUnsKaFzA38LnsL3426dj6CkNKRofyqjA=' 'sha256-upqzRUpu+M2pCK19HHLg5oUeQnpEXij9kojuDNdJnGc=' 'sha256-sa1JolVbZz72+sa0pOWp/LBIoZfF9P1N8Gzy5u3C3Qc=' 'sha256-q9xrwNUn7ieRndtLNP/uNCEBKXjzTzvZv1fddtmMK9w=' ;"
|
||||||
|
." script-src-attr 'self' https://$virtualHost 'unsafe-hashes' 'sha256-QgFUvJuzASZ+WbF57Vn8eQoWvuBJ78nF7YMraPzQVvg=' \"\n";
|
||||||
|
|
||||||
$OUT .= " </Location>\n";
|
$OUT .= " </Location>\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -288,6 +288,18 @@ sub showNavigation ($)
|
|||||||
// End script hiding -->
|
// End script hiding -->
|
||||||
</script>
|
</script>
|
||||||
";
|
";
|
||||||
|
print '
|
||||||
|
<script language="JavaScript" type="text/javascript">
|
||||||
|
<!-- Hide script
|
||||||
|
window.onload = function(){
|
||||||
|
var menuitems = document.getElementsByClassName("item");
|
||||||
|
var i = menuitems.length;
|
||||||
|
while (i--)
|
||||||
|
menuitems[i].addEventListener("click", function(){swapClasses(this.id)});
|
||||||
|
};
|
||||||
|
// End script hiding -->
|
||||||
|
</script>
|
||||||
|
';
|
||||||
|
|
||||||
foreach my $h (sort {
|
foreach my $h (sort {
|
||||||
($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) <=>
|
($nav{$a}{'WEIGHT'}/$nav{$a}{'COUNT'}) <=>
|
||||||
@ -320,7 +332,7 @@ sub showNavigation ($)
|
|||||||
$q->td ({-class => "menu-cell"},
|
$q->td ({-class => "menu-cell"},
|
||||||
$q->a ({-id => "sme$c",
|
$q->a ({-id => "sme$c",
|
||||||
-class => "item",
|
-class => "item",
|
||||||
-onClick => "swapClasses('sme$c')",
|
#-onClick => "swapClasses(this.id)", #with CSP replaced by eventlistener
|
||||||
href => $href,
|
href => $href,
|
||||||
target => 'main'},
|
target => 'main'},
|
||||||
$_->{'DESCRIPTION'})
|
$_->{'DESCRIPTION'})
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user